SB2023022816 - Multiple vulnerabilities in IBM FlashSystem (and TMS RAMSAN) 710, 720, 810, and 820 systems 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023022816

SB2023022816 - Multiple vulnerabilities in IBM FlashSystem (and TMS RAMSAN) 710, 720, 810, and 820 systems

Published: February 28, 2023

Security Bulletin ID SB2023022816
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2014-5119)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.


2) Path traversal (CVE-ID: CVE-2014-0475)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.


Remediation

Install update from vendor's website.

References